Актуальность внедрения стандарта ISO/IEC 27001

Abstract

The information is one of the most important business resources who provides the organizations additional cost and thereof requires protection. ISO/IEC 27001 is the formal set of specifications against which organizations may seek independent certification of their Information Security Management System (ISMS). ISO/IEC 27001 specifies requirements for the establishment, implementation, monitoring and review, maintenance and improvement of a management system - an overall management and control framework - for managing an organization’s information security risks. The standard covers all types of organizations such as commercial enterprises, government agencies and non-profit organizations.